Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-7254

Опубликовано: 19 сент. 2024
Источник: debian
EPSS Низкий

Описание

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
protobuffixed3.21.12-12package
protobufno-dsatrixiepackage
protobufno-dsabookwormpackage
protobufpostponedbullseyepackage

Примечания

  • https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1 (v3.25.5)

  • https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b (v3.25.5)

  • https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b (v3.25.5)

  • https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f (v3.25.5)

  • https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81 (v3.25.5)

  • https://github.com/advisories/GHSA-735f-pc8j-v9w8

EPSS

Процентиль: 23%
0.00077
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-7254

CVSS3: 7.5
ubuntu
больше 1 года назад

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

redhat логотип

CVE-2024-7254

CVSS3: 7.5
redhat
больше 1 года назад

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

nvd логотип

CVE-2024-7254

CVSS3: 7.5
nvd
больше 1 года назад

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

suse-cvrf логотип

SUSE-SU-2024:3747-1

suse-cvrf
около 1 года назад

Security update for protobuf

suse-cvrf логотип

SUSE-SU-2024:3746-1

suse-cvrf
около 1 года назад

Security update for protobuf

EPSS

Процентиль: 23%
0.00077
Низкий